package com.qf.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@CrossOrigin
@RequestMapping("/visitor")
public class VisitorController {

    @GetMapping("/hello")
    public String hello() {
        return "hello, visitor";
    }

    @GetMapping("/list")
    @PreAuthorize("hasRole('ADMIN')")
    public String list() {
        return "hello, user";
    }

    @GetMapping("/delete")
    @PreAuthorize("hasRole('VIP')")
    public String delete() {
        return "hello, user";
    }

}